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DETAILED ACTION 

1. Claims 1-25 have been examined. 

Drawings 

2. The replacement drawings filed 04/10/2002 were received on 04/12/2003. These 
drawings are approved. 

Claim Objections 

3. Claim 3 is objected to because of the following informalities: delete "resource." in line 2 
and replace with —resource identification.—. Appropriate correction is required. 

Claim Rejections - 35 USC §102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

5. Claims 1-4, 6-13, 15-21, and 23-25 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Hunnicutt et al., U.S. Patent No. 5,889,952 A. 
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As per claim 1, Hunnicutt et al. illustrate a computer system that determines authorization 
privileges for resources for a user, comprising: 
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a file system on which the resources reside (see column 3, lines 51-55; figure 1 ? items 
107 and 109; a file storage volume on non-volatile memory containing various files); 

a first software (see column 3, lines 40-45; figure 1, items 104 and 105; programmed 
instructions for an access check system stored on Random Access Memory (RAM) and Read 
Only Memory (ROM); 

the first software acting to: 

intercept an authorization request from a user for a particular resource (see column 6, 
lines 13-15; figure 3, item 300; User 1 requests to read a file); 

search a cache to determine if the resource may be accessed by the user (see column 6, 
lines 13-19; figure 4, items 401 and 402; checking the access-cache for an access-permission 
matching the current request, comprising a file-name field and a user-token field, 

where the cache contains results of prior authorization requests (see column 4, lines 11- 
21; figure 2, items 204 and 205; where the user token corresponds to a particular user at this 
request during the current login and previous requests during previous logins); and 

selectively authorize (see column 6, lines 16-22; figure 4, items 405, 300, and TOKEN1; 
when the access-permission contains the token for User 1 with the file-object, User 1 has been 
granted permission to read the file) or deny the use of the resource based upon a result of the 
search of the cache (see column 7, lines 23-32; if the user-token is not present or has been 
removed from the access-cache, the possibility of allowing access to resources to the user has 
been eliminated). 



As per claim 2, Hunnicutt et al. further disclose: 
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that the first software authorizes or denies the use of the resource based upon 
predetermined parameters (see column 6, lines 14-16; figure 4, items 401 and 402; access 
permission based on the user token and file-name; see column 6, lines 55-62; and on level of 
access, such as full control, read-write, and read). 

As per claim 3, Hunnicutt et al. then specify: 

that a predetermined parameter comprises a requesting resource identification (see 
column 6, lines 14-16; figure 4, items 401 and 403; access permission based on the file-name of 
the file-object requested by the user). 

As per claim 4, Hunnicutt et al. additionally point out: 

that a predetermined parameter comprises a user ID (see column 6, lines 14-16; figure 4, 
item 402; access permission based on the user token). 

As per claim 6, Hunnicutt et al. moreover describe: 

that the search of the cache is based on a key, derived from one or more search 
parameters (see column 6, lines 16-19; figure 4, items 401, 402, and 405; the access-permission 
is searched by a file-name field containing the name of the requested file and a user-token field 
containing User 1 's user-token). 



As per claim 7, Hunnicutt et al. then elaborate: 
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that one of the parameters comprises the.FID (see column 6, lines 16-19; figure 4, items 
401 and 405; the access-permission is searched by a file-name field containing the name of the 
requested file). 

As per claim 8, Hunnicutt et al. alternatively explain: 

that the first software initiates an authorization protocol that determines an authorization 
status of the resource when the search of the cache of authorization requests fails to reveal any 
previous requests (see column 6, lines 35-44; figures 3 and 4; item 300; when none of the access- 
permissions for a file-object 300 matches IJser 2's user-token TOKEN 2, a full, file open, access 
check is performed to determine the access-permission granted to User 2). 

As per claim 9, Hunnicutt et al. further discuss: 

that the results of the authorization protocol to determine an authorization status of the 
resource are added to the cache (see column 6, lines 48-52; figure 4, items 300 and 400; after the 
file-open access check is completed, an access-permission is added to the access-cache so that a 
file-open access check will not need to be performed the next time User 2 requests the file-object 
300). 

As per claims 10 and 18, Hunnicutt et al. illustrate a method and computer program 
product on a computer usable medium to determine authorization privileges for resources for a 
user of a computer system, comprising: 
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intercepting an authorization request from a user for a particular resource (see column 6, 
lines 13-15; figure 3, item 300; User 1 requests to read a file); 

searching a cache to determine if the resource may be accessed (see column 6, lines 13- 
19; figure 4, items 401 and 402; checking the access-cache for an access-permission matching 
the current request, comprising a file-name field and a user-token field, 

where the cache contains results of prior authorization requests (see column 4, lines 11- 
21 ; figure 2, items 204 and 205; where the user token corresponds to a particular user at this 
request during the current login and previous requests during previous logins); and 

if a hit is made in the cache, selectively deciding the authorization request based at least 
in part on information found in the cache (see column 6, lines 16-22; figure 4, items 405, 300, 
and TOKEN 1 ; when the access-permission contains the token for User 1 with the file-object, 
User 1 has been granted permission to read the file; see column 7, lines 23-32; if the user-token 
is not present or has been removed from the access-cache, the possibility of allowing access to 
resources to the user has been eliminated). 

As per claims 1 1 and 19, Hunnicutt et al. further disclose: 
that the first software authorizes or denies the use of the resource based upon 
predetermined parameters associated with the request (see column 6, lines 14-16; figure 4, items 
401 and 402; access permission based on the user token and file-name; see column 6, lines 55- 
62; and on level of access, such as full control, read-write, and read). 

As per claims 12 and 20, Hunnicutt et al. then specify: 
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that a predetermined parameter comprises a requesting resource identification (see 
column 6, lines 14-16; figure 4, items 401 and 403; access permission based on the file-name of 
the file-object requested by the user). 

As per claims 13 and 21, Hunnicutt et al. additionally point out: 
that a predetermined parameter comprises a user identification (see column 6, lines 14- 
16; figure 4, item 402; access permission based on the user token). 

As per claim 15 and 23, Hunnicutt et al. then elaborate: 

that the outcome of the step of searching is based at least in part upon an FID (see column 
6, lines 16-19; figure 4, items 401 and 405; the access-permission is searched by a file-name 
field containing the name of the requested file). 

As per claims 16 and 24, Hunnicutt et al. alternatively explain: 

initiating an authorization protocol that determines an authorization status of the resource 
when the search of the cache of authorization requests fails to reveal any requests (see column 6, 
lines 35-44; figures 3 and 4; item 300; when none of the access-permissions for a file-object 300 
matches User 2's user-token TOKEN 2, a full, file open, access check is performed to determine 
the access-permission granted to User 2). 

As per claims 17 and 25, Hunnicutt et al. further discuss: 
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saving in the cache the results of the authorization protocol to determine an authorization 
status of the resource (see column 6, lines 48-52; figure 4, items 300 and 400; after the file-open 
access check is completed, an access-permission is added to the access-cache so that a file-open 
access check will not need to be performed the next time User 2 requests the file-object 300). 



Claim Rejections - 35 USC §103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 5, 14, and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hunnicutt et al., U.S. Patent No. 5,889,952 A as applied to claims 2, 1 1, and 19, respectively 
above, and further in view of Garg et ah, U.S. Patent Application Publication No. US 
2002/0002577 Al. 

Hunnicutt et al. disclose the computer system, the method, and the computer program 
product of claims 2, 11, and 19, respectively. However, they do not explicitly teach authorizing 
or denying use of a resource based on a time of day. Garg et al. describe authorizing or denying 
use of a resource based on a time of day (see ^ [0042]; an access control decision based on time 
of day). Therefore, it would have been obvious to one of ordinary skill in the computer art at the 
time the invention was made to combine the computer system, the method, and the computer 
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program product of Hunnicutt et al with authorizing or denying use of a resource based on a the 
time of day of Garg et al. to have complete flexibility in the definition and implementation of 
customer authorization policy (see ^] [0042]). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Justin T. Darrow whose telephone number is (571) 272-3801, and 
whose electronic mail address isjustin.darrow@uspto.gov. The examiner can normally be 
reached Monday-Friday from 8:30 AM to 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr., can be reached at (571) 272-3799. 

The fax number for Formal or Official faxes to Technology Center 2100 is (703) 872- 
9306. In order for a formal paper transmitted by fax to be entered into the application file, the 
paper and/or fax cover sheet must be signed by a representative for the applicant. Faxed formal 
papers for application file entry, such as amendments adding claims, extensions of time, and 
statutory disclaimers for which fees must be charged before entry, must be transmitted with an 
authorization to charge a deposit account to cover such fees. It is also recommended that the 
cover sheet for the fax of a formal paper have printed "OFFICIAL FAX". Formal papers 
transmitted by fax usually require three business days for entry into the application file and 
consideration by the examiner. Formal or Official faxes including amendments after final 
rejection (37 CFR 1.116) should be submitted to (703) 872-9306 for expedited entry into the 
application file. It is further recommended that the cover sheet for the fax containing an 
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amendment after final rejection have printed not only "OFFICIAL FAX" but also 
"AMENDMENT AFTER FINAL" 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the Group receptionist whose telephone number is (571) 272-2100. 
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